Skip to main content Accessibility help
×
Home
Hostname: page-component-544b6db54f-jcwnq Total loading time: 1.653 Render date: 2021-10-24T00:04:03.173Z Has data issue: true Feature Flags: { "shouldUseShareProductTool": true, "shouldUseHypothesis": true, "isUnsiloEnabled": true, "metricsAbstractViews": false, "figures": true, "newCiteModal": false, "newCitedByModal": true, "newEcommerce": true, "newUsageEvents": true }

61 - HIPAA Compliance

from Part IX - Analysis of Particular Fields

Published online by Cambridge University Press:  07 May 2021

Benjamin van Rooij
Affiliation:
School of Law, University of Amsterdam
D. Daniel Sokol
Affiliation:
University of Florida
Get access

Summary

Abstract: Despite the federal Department of Health and Human Services’ provision of considerable guidance and technical assistance to covered entities and business associates regarding their responsibilities under the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA), little is known about the extent of compliance across the healthcare industry as well as reasons for noncompliance. This chapter reviews academic, industry, and government studies assessing HIPAA compliance and presents relevant insights. These insights relate to the extent to which small numbers of covered entities comply with the HIPAA Privacy Rule’s plain language requirement, the HIPAA Privacy Rule’s access to protected health information requirement, the HIPAA Security Rule’s addressable encryption standard, and the HIPAA Security Rule’s audit logs and access reports requirement. Additional insights relate to the extent to which covered hospitals and health systems believe that they are complying with the HIPAA Privacy and Security Rules, the impact of HITECH on data breaches involving business associates, the organizational strategies and institutional environments that influence compliance, and the extent to which institutional pressures and internal security needs assessments influence investment in security compliance.

Type
Chapter
Information
Publisher: Cambridge University Press
Print publication year: 2021

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

American Health Information Management Association (AHIMA). 2004. The State of HIPAA Privacy and Security Compliance. http://bok.ahima.org/PdfView?oid=23016.Google Scholar
American Health Information Management Association (AHIMA). 2006. The State of HIPAA Privacy and Security Compliance. http://bok.ahima.org/doc?oid=100517#.XW05lpNKiT8.Google Scholar
Anthony, Denise L., Appari, Ajit, and Johnson, M. Eric. 2014. “Institutionalizing HIPAA Compliance: Organizations and Competing Logics in U.S. Health Care.” Journal of Health and Social Behavior 55: 108–24.CrossRefGoogle ScholarPubMed
Anthony, Denise L., and Stablein, Timothy. 2016. “Privacy in Practice: Professional Discourse about Information Control in Health Care.” Journal of Health Organization and Management 30:207–26.CrossRefGoogle ScholarPubMed
Carrion, Inmaculada, Aleman, Jose Luis Fernandez, and Toval, Ambrosio. 2011. “Assessing the HIPAA Standard in Practice: PHR Privacy Policies.” Annual Conference of the IEEE EMBS 33 (August–September): 2380–3.Google Scholar
Cavusoglu, Huseyin, Cavusoglu, Hasan, Son, Jai-Yeol, and Benbasat, Izak. 2015. “Institutional Pressures in Security Management: Direct and Indirect Influences on Organizational Investment in Information Security Control Resources.” Information and Management 52: 385400.CrossRefGoogle Scholar
Drolet, Brian C., Marwaha, Jayson S., Hyatt, Brad, Blazar, Phillip E., and Lifchez, Scott D.. 2017. “Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.” Journal of Hand Surgery 42, No. 6 (June): 411–16.CrossRefGoogle ScholarPubMed
Freundlich, Robert E., Freundlich, Katherine L., and Drolet, Brian C.. 2018. “Pagers, Smartphones, and HIPAA: Finding the Best Solution for Electronic Communication of Protected Health Information.” Journal of Medical Systems 42:9.CrossRefGoogle Scholar
Lye, Carolyn T., Forman, Howard P., Gao, Ruiyi, Daniel, Jodi G., Hsiao, Allen L., Mann, Marilyn K., deBronkart, Dave, Campos, Hugo O., and Krumholz, Harlan M.. 2018. “Assessment of US Hospital Compliance with Regulations for Patients’ Requests for Medical Records.” JAMA Open Network (October 5): 112.CrossRefGoogle Scholar
McKnight, Randall, and Franko, Orrin. 2016. “HIPAA Compliance with Mobile Devices Among ACGME Programs.” Journal of Medical Systems 40, No. 5 (May): 129.CrossRefGoogle ScholarPubMed
Paasche-Orlow, Michael, Brancati, Frederick L., Taylor, Holly A., Jain, Sumati, Pandit, Anjali, and Wolf, Michael S.. 2013. “Readability of Consent Form Templates: A Second Look.” IRB: Ethics and Human Research 35, No. 4 (July–August): 1219.Google ScholarPubMed
United States Department of Health and Human Services (HHS). 2016. Individuals’ Right Under HIPAA to Access Their Health Information 45 CFR § 164.524. www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.Google Scholar
United States Department of Health and Human Services (HHS). 2018. Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance for Calendar Years 2015, 2016, and 2017. www.hhs.gov/sites/default/files/compliance-report-to-congress-2015–2016–2017.pdf.Google Scholar
United States Department of Health and Human Services (HHS). 2019. HIPAA Compliance and Enforcement. www.hhs.gov/hipaa/for-professionals/compliance-enforcement/index.html.Google Scholar
Yaraghi, Niam, and Gopal, Ram D.. 2018. “The Role of HIPAA Omnibus Rules in Reducing the Frequency of Medical Data Breaches: Insights from an Empirical Study.” Milbank Quarterly 96, No. 1: 144–66.CrossRefGoogle ScholarPubMed

Send book to Kindle

To send this book to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle.

Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Send book to Dropbox

To send content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about sending content to Dropbox.

Available formats
×

Send book to Google Drive

To send content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about sending content to Google Drive.

Available formats
×